Solved

Citrix Receiver Pass Through Not Working

Posted on 2013-10-31
5
6,789 Views
Last Modified: 2013-11-05
Hi There,

I have an installation of StoreFront 2.1 setup and the legacy support setup (so as to use the webservice type option) All security is setup i.e. pass through.
(Setup on a windows 2008 r2 box 64bit)

I have setup the domain policy as recomeneded for Citrix Pass through.

I have installed Citrix Receiver Enterprise 3.3 on a workstation (file version shows as 13.3.0.55).

The installation has been done as I would have if using webinterface and that is to do this:-
CitrixReceiverEnterprise.exe /silent /includeSSON ADDLOCAL="ReceiverInside,ICA_Client,SSON,USB,DesktopViewer,Flash,PN_Agent,Vd3d" SERVER_LOCATION="http://"My storefront server"/Citrix/VisiCAD/PNAgent/config.xml" ENABLE_SSON="Yes"

OK so with this done and a restart the citrix receiver is installed and when i go into the about settings i can see Pass through is set correct. Also the icons of the app appear on the desktop so all looks great BUT I then double click the app and get the following message:
Citrix Receiver
The credentials supplied were invalid. Please try again.

Just to reconfirm I have done the recomended settings on the store front for pass through i.e. config as follows:
<LogonMethod>sson</LogonMethod>
<EnableKerberos>false</EnableKerberos>

and as mentioned above the Policy setting for Citrix and just to confirm the user logging on has full access to the application (I can test this by changing the setings to prompt for a user entry and the app will load if I key in the same log in details!!!!)

I can also confirm that IIS 7.5 has the authentication settings enabled.

For info on this machine where the receiver is installed if i change that to use a webinterface installation (Pre storefront) it works with no errors.

Hope someone can help please :)

Big thanks,

Steve
0
Comment
Question by:objectivity
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:Daniel Borger
ID: 39613880
It's been a while since I saw this issue but I had these links saved as a resolution.

http://support.citrix.com/article/CTX133901
http://support.citrix.com/article/CTX133855
http://retrodesign.no/technet/2013/03/09/storefront-domain-pass-through-authentication-not-working/

I was on a project and ended up using the default website in Xendesktop to get the icons to work at first.
0
 

Author Comment

by:objectivity
ID: 39614008
Hi Thanks for the reply.

I can say I have tried/checked these links for info they mention storefront 1.1 and we are using 2.1 and I know there have been some changes in the version.

We are using kerberos settings and configured as per recomendations. With this I get the icons on the screen and the pass-through in the receiver but when you double click the icons you get the error.

For info if i do the same settings with webinterface there are no problems!!!!!!

I have also configured all the IIS settings for pass-though too.

Oh and the storefront shows the correct name to match the server name. i.e. when i run
setspn –L <hostname of Storefront server>

This has turned into a frustrating one.

Big thanks,

Steve
Receiver-Settings.PNG
0
 
LVL 12

Expert Comment

by:Daniel Borger
ID: 39614026
I doubled back to the customer I worked with and it seems we ended up using web interface with for just the PNagent on the xendesktops. I had a case open with Citrix and was not getting anywhere.
0
 

Accepted Solution

by:
objectivity earned 0 total points
ID: 39614489
Hi There cant beleive it fixed the issue.

I enabled storefront tracing and found there is an extra config you have to chage. Unfortunately there is no gui anymore for services so you just have to do it all yourself :)

So basically you do this and it works; thats it!!!!!!
C:\inetpub\wwwroot\Citrix\[storefront name]\web.config

Set the logonMethod to sson
 
    <pnaProtocolResources changePasswordAllowed="Never" logonMethod="sson" kerberosEnabled="false" changePasswordMethod="Proxy" changePasswordUrl="">


This is on top of all the other stuff you have to do manual as well.

Thanks for your input anyway

Cheers,

Steve
0
 

Author Closing Comment

by:objectivity
ID: 39623784
This solution makes the reciver to storefront 2.1 pass-through authentication work.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
As a business owner, there are many things that keep you up at night. Profit margins, employee retention, human resource protocols, whether your product or service will remain competitive. When you own or manage a technology company that operates la…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question